Method and apparatus for generating a random bit stream

ABSTRACT

Presently disclosed is method and apparatus for generating a random bit stream by generating a random bit according to a polynomial expression, providing a modification function operative on the polynomial expression, and modifying the polynomial expression by modifying the modification function.

REFERENCE TO RELATED APPLICATION

This application is a continuation application of U.S. patentapplication Ser. No. 11/173,329, filed Jun. 30, 2005, entitled Methodand Apparatus for Generating a Random Bit Stream, which is incorporatedherein by reference for all purposes.

BACKGROUND

Random numbers are used in a variety of application such as computergames. But they are also used in more serious applications, for examplein generating cryptographic keys and for some classes of scientificexperiments. There are two species of random number generators, namely,software or pseudo random number generators and hardware random numbergenerators. While the former is relatively inexpensive and easy toimplement, the latter if properly designed, can provide very close totrue randomness, but at a higher cost.

Software random number generators produce random numbers by usingmathematical formulas or they are simply taken from a pre-calculatedlist. Extensive research has been devoted to software random numbergenerators and there are presently algorithms available which arecapable of generating random numbers which seem as if they are trulyrandom. However, software random number generators have thecharacteristic that they are predictable.

Hardware random number generators, on the other hand, can be very closeto truly random. They usually come in the form of an electronic device,although a container containing a number of numbered balls, such as thatused in a lottery, also constitute a hardware random number generator.Hardware random number generators typically use an entropy source whichexhibits randomness. For example, a common hardware random numbergenerator used in a computer uses the random variations in a user'smouse movements or the amount of time between key strokes as an entropysource. Other hardware random number generators include those that useatmospheric noise from a radio and those that use a radioactive sourceand the points in time at which the radioactive source decays are usedto generate random numbers.

There is another class of random number generator which is known as ahybrid random number generator. A hybrid random number generator uses asoftware algorithm in order to generate a pseudo random number. Theoutput of a hybrid random number generator tends to approach a morerandom state when the input to the software algorithm is seeded with arandom seed value. Such a random seed value is often obtained from atraditional hardware random number generator. As such, the hybrid randomnumber generator is able to provide a much more random output than atrue software random number generator.

One problem with either the hardware random number generator or a hybridrandom number generator that relies on a hardware random numbergenerator for a seed value is that a hardware random number generatormay not always be able to provide a random number. Consider, forexample, a hardware random number generator that is based upon themovement of a user's mouse. In the case where a user is not using themouse, the hardware random number generator no longer has access to anentropy source. The same is true for a number of variations of hardwarerandom number generators. In order to provide a continuous stream ofrandom numbers, a suitable entropy source must be provided and must bereadily accessible at any point in time.

SUMMARY

Presently disclosed is method and apparatus for generating a random bitstream by generating a random bit according to a polynomial expression,providing a modification function operative on the polynomialexpression, and modifying the polynomial expression by modifying themodification function.

BRIEF DESCRIPTION OF THE DRAWINGS

Several alternative embodiments will hereinafter be described inconjunction with the appended drawings and figures, wherein likenumerals denote like elements, and in which:

FIG. 1 is a flow diagram that depicts one alternative illustrativemethod for generating a random bit stream;

FIG. 2 is a flow diagram that depicts alternative illustrative methodsfor providing a modification function;

FIG. 3 is a flow diagram that depicts one alternative illustrativemethod for modifying a polynomial expression according to a firstutilization of a previously generated random bit;

FIG. 4 is a flow diagram that depicts one alternative illustrativemethod for modifying a polynomial expression according to first andsecond utilizations of previously generated random bits;

FIG. 5 is a flow diagram that depicts one alternative illustrativemethod for generating a random bit stream;

FIG. 6 is a flow diagram that depicts alternative illustrative methodsfor providing a periodic function;

FIG. 7 is a flow diagram that depicts one alternative illustrativemethod for combining a captured plurality of skewed discrete steps of aperiodic function;

FIG. 8 is a block diagram that depicts one illustrative embodiment of apolynomial-based random bit generator;

FIG. 9 is a block diagram that depicts an alternative illustrativeembodiment of a polynomial-based random bit generator;

FIG. 10 is a block diagram that depicts an alternative illustrativeembodiment of a modification function generator; and

FIG. 11 is a block diagram that depicts an alternative illustrativeembodiment of a random bit generator.

DETAILED DESCRIPTION

FIG. 1 is a flow diagram that depicts one alternative illustrativemethod for generating a random bit stream. According to this alternativemethod, a random bit stream is generated by evaluating a polynomialexpression to generate a random bit (step 5). Typically an n^(th) orderpolynomial is used for this purpose. A modification function is thenprovided (step 10). According to one variation of the present method, amodification function contains a set of coefficients corresponding tothe terms of the polynomial expression. The polynomial expression isthen modified according to the modification function (step 15). Asubsequent random bit is that generated using the modified polynomialexpression. By randomly changing the modification function, a highdegree of randomness is achieved.

According to one illustrative use case, a random bit generator is basedon a linear feedback shift register (LFSR). A linear feedback shiftregister is structured according to coefficients included in apolynomial expression. According to yet another illustrative use case,the coefficients of the polynomial expression, held in a linear feedbackshift register, are modified randomly according to a hardware entropysource. Accordingly, a randomly changing modifying function operative onthe coefficients of the polynomial expression produces a series ofrandom bit with each successive modification of the polynomialexpression.

FIG. 2 is a flow diagram that depicts alternative illustrative methodsfor providing a modification function. According to one variation of thepresent method, a modification function is provided by providing aperiodic function (step 20) and allowing a period exhibited by theperiodic function to vary according to an operating voltage (step 25).It should be appreciated that fluctuations in operating voltage canprovide entropy, useful in introducing randomness into a modificationfunction used to modify a polynomial expression. According to yetanother variation of the present method, a modification function isprovided by providing a periodic function (step 20) and allowing aperiod exhibited by the periodic function to change according to anoperating temperature (step 30). According to this variation of thepresent method, variations in operating temperature serve as an entropysource, which introduces randomness into a modification functionprovided to modify a polynomial expression.

FIG. 2 further illustrates that, according to another alternativeillustrative method, a modification function is provided by furtherskewing the periodic function according to a pre-defined term in thepolynomial expression (step 35). Skewing the periodic function accordingto this alternative method introduces a phase perturbation in a periodicfunction. This exaggerates the entropy exhibited by a periodic function.

FIG. 3 is a flow diagram that depicts one alternative illustrativemethod for modifying a polynomial expression according to a firstutilization of a previously generated random bit. According to thisalternative method, a polynomial expression is modified by selecting afirst utilization of a previously generated random bit according to amodification function (step 40). A first term in the polynomialexpression (step 50) is evaluated according to the first selectedutilization and a previous value of a second term in the polynomialexpression (step 45). In yet another example variation of the presentmethod, the first evaluated term is captured in a manner that issubstantially contemporaneous with the selection of the firstutilization of a previously generated random bit (step 55).

FIG. 4 is a flow diagram that depicts one alternative illustrativemethod for modifying a polynomial expression according to first andsecond utilizations of previously generated random bits. According tothis alternative method, the polynomial expression is modified byfurther selecting a second utilization of a previously generated randombit according to a skewed rendition of the modification function (step60) and evaluating a second term in the polynomial expression (step 70)according to the second selected utilization and a previous value of athird term in the polynomial expression (step 65).

FIG. 5 is a flow diagram that depicts one alternative illustrativemethod for generating a random bit stream. According to this alternativemethod, a random bit is generated by providing a periodic function (step75), skewing the periodic function in a plurality of discrete steps(step 80), capturing a plurality of the skewed discrete steps of theperiodic function (step 85), and combining the captured plurality ofskewed discrete steps (step 90).

FIG. 6 is a flow diagram that depicts alternative illustrative methodsfor providing a periodic function. According to this alternative method,a periodic function is provided by allowing a period of the periodicfunction to vary according to at least one of an operating voltage (step95) and an operating temperature (step 100). By allowing the period tovary according to environmental factors such as operating voltage of anelectronic circuit and the temperature at which it operates, entropy isintroduced into the period of the periodic function.

FIG. 7 is a flow diagram that depicts one alternative illustrativemethod for combining a captured plurality of skewed discrete steps of aperiodic function. According to this alternative method, a plurality ofskewed discrete steps that are captured are combined by exclusivelyOR-ing individual, captured discrete steps of a periodic function witheach other (step 105).

FIG. 8 is a block diagram that depicts one illustrative embodiment of apolynomial-based random bit generator. According to this alternativeillustrative embodiment, a random bit generator comprises a modificationfunction generator 115 capable of generating a coefficient selectionsignal 120, a plurality of coefficient selectors 130 a-d each capable ofselecting a corresponding coefficient 135 a-d for a particular term in apolynomial according to the coefficient selection signal 120. Furtherincluded in this embodiment are a plurality of expression calculators140 a-d each capable of generating a corresponding polynomial term 150a-d according to a corresponding preceding polynomial term 145 a-d and acorresponding coefficient 135 a-d generated by a corresponding one ofthe plurality of coefficient selectors 130 a-d. Also included in thisembodiment are a plurality of expression registers 155 a-d each capableof capturing a corresponding generated polynomial term 150 a-d wherein arandom bit is selected as being an output 125 a-d from one of theexpression registers.

According to one alternative example embodiment, the modificationfunction generator 115 produces a coefficient selection signal 120 whichbehaves essentially randomly and is input to a plurality of coefficientselectors 130 a-d. The coefficient selectors 130 a-d operate to performa random selection of one of a plurality of previously stored polynomialterms (the outputs 125 a-d of the capture registers 155 a-d). Aplurality of coefficients 135 a-d are thus generated and presented tothe plurality of corresponding expression calculators 140 a-d. It shouldbe appreciated the selection of a coefficient is random based on therandom nature of the selection signal 120 in one alternative exampleembodiment. Each expression calculator 140 a-d operates to perform acalculation according to one of the plurality of correspondingcoefficients 135 a-d and a corresponding preceding polynomial term 145a-d. The plurality of expression registers 155 function to store aplurality of corresponding highly random polynomial terms 150 a-dgenerated by the corresponding expression calculators 140 a-d. A randombit is obtained by selecting the output 125 a-d of one of the expressionregisters 155 a-d.

FIG. 9 is a block diagram that depicts an alternative illustrativeembodiment of a polynomial-based random bit generator. According to thisalternative embodiment, a random bit generator comprises an oscillator170 and a plurality of storage registers 190 a-c. The storage registers190 a-c are organized as a linear feedback shift register. All but thefirst register in the shift register have as an input the output of anexpression calculator 185 a-b in the form of an exclusive “or” gate,which is also included in this alternative example embodiment of arandom bit generator. It should be appreciated that each storageregister 190 a-c is serviced by a corresponding expression calculator185 a-b, except for the first storage register in the linear feedbackshift register. The first register in the linear feedback shift registeris typically loaded with the value stored in the last register in thelinear feedback shift register. An expression calculator 185 a receivesat least two inputs; a feedback term 186 a and a preceding polynomialterm 187 a. The feedback term is selectively applied to one input of theexpression calculator 185 a according to a selection signal 175 which isgenerated by the oscillator 170.

FIG. 9 further illustrates that, according to one alternativeembodiment, a random bit generator further includes one or more delayelements 192 a-b. The one or more delay elements 192 a-b are disposed ina cascade manner so as to form a multi-tap delay structure. In thisalternative embodiment, the selection signal 175 a is provided to theinput of the first delay element such that a delayed rendition of theselection signal 175 b is developed at the output of the first delayelement 192 a in the cascade structure. The output of the first delayelement 192 a is then directed to the second delay element 192 b suchthat a further delayed rendition of the selection signal 175 c isdeveloped at the output of the second delay element. Each coefficientselector 180 a-b then uses a corresponding delayed-rendition of theselection signal according to its position in the polynomial.

FIG. 10 is a block diagram that depicts an alternative illustrativeembodiment of a modification function generator. According to thisalternative embodiment, a modification function generator 240 comprisesan oscillator 245. According to one alternative example embodiment, theoscillator 245 produces a periodic signal 260 whose frequency variesaccording to the level of voltage applied to the oscillator 245 asoperating power. According to another alternative example embodiment, aperiodic signal 260 generated by the oscillator 245 varies according tothe temperature of its ambient environment 255.

FIG. 11 is a block diagram that depicts an alternative illustrativeembodiment of a random bit generator. According to this alternativeembodiment, a random bit generator comprises a modification functiongenerator 300 capable of generating a coefficient selection signal 305,a plurality of delay elements 310 a-d disposed in cascade so as to delaythe coefficient selection signal 305 in a plurality of correspondingdiscrete steps 315 a-d, a plurality of capture registers 320 a-d capableof capturing a value of a delayed coefficient selection signal 305 at acorresponding discrete delay step, and a combiner 330 capable ofcombining a plurality of values 325 a-d captured by the correspondingcapture registers 320 a-d. According to yet another alternative exampleembodiment, the modification function generator 300 produces a periodicsignal that is sensitive to variations in at least one of an operatingvoltage and an operating temperature, as described supra. Thecoefficient selection signal 305 is input to a plurality of delayelements 310 a-d. The delay elements 310 a-d each operate to induce arandom delay on the coefficient selection signal 305 in discrete stepsdue to its position relative to a previous delay element. It should alsobe appreciated that each of the delay elements 310 a-d will exhibit arandom difference in the amount of delay they introduce, resulting frommanufacturing process variations and sensitivities to at least one ofoperating voltage and operating temperature.

While the present method and system have been described in terms ofseveral alternative methods and embodiments, it is contemplated thatalternatives, modifications, permutations, and equivalents thereof willbecome apparent to those skilled in the art upon a reading of thespecification and study of the drawings. It is therefore intended thatthe true spirit and scope of the appended claims include all suchalternatives, modifications, permutations, and equivalents.

1. A system for generating a bit stream comprising: a random bitgenerator generating a bit stream as a function of a polynomialexpression; a modification function generator generating a variableperiod function output; and a system for modifying the polynomialexpression according to the variable period function output.
 2. Thesystem of claim 1 wherein the modification function generator generatesthe variable period function output in response to an operating voltage.3. The system of claim 1 wherein the modification function generatorgenerates the variable period function output in response to anoperating temperature.
 4. The system of claim 1 wherein the random bitgenerator comprises a plurality of coefficient selectors.
 5. The systemof claim 1 wherein the random bit generator comprises a plurality ofexpression calculators.
 6. The system of claim 1 wherein the random bitgenerator comprises a plurality of expression registers.
 7. The systemof claim 1 wherein the random bit generator comprises a plurality ofstorage registers.
 8. The system of claim 1 wherein the random bitgenerator comprises a plurality of linear feedback shift registers. 9.The system of claim 1 wherein the random bit generator comprises aplurality of delay elements.
 10. The system of claim 1 wherein therandom bit generator comprises cascaded delay elements.
 11. The systemof claim 1 wherein the modification function generator comprises anoscillator.
 12. The system of claim 1 wherein the modification functiongenerator comprises a voltage controlled oscillator.
 13. The system ofclaim 1 wherein the modification function generator comprises atemperature controlled oscillator.
 14. A system for generating a bitstream comprising: a random bit generator generating a bit stream as afunction of a plurality of polynomial expression elements; amodification function generator coupled to the random bit generator, themodification function generator generating a variable period functionoutput; and wherein the variable period function output modifies anoperation of one or more of the polynomial expression elements.
 15. Thesystem of claim 14 wherein one or more of the polynomial expressionelements comprises a coefficient selector.
 16. The system of claim 14wherein one or more of the polynomial expression elements comprises adelay element.
 17. The system of claim 14 wherein one or more of thepolynomial expression elements comprises a register.
 18. The system ofclaim 14 wherein the variable period function generator generates thevariable period function output as a function of a voltage.
 19. Thesystem of claim 14 wherein the variable period function generatorgenerates the periodic function output as a function of a temperature.20. A system for generating a bit stream comprising: a periodic functiongenerator generating a periodic function output as a function of avoltage or a temperature; a plurality of coefficient selectors coupledto the periodic function generator, each of the coefficient selectorsreceiving the periodic function output and generating a coefficient; aplurality of expression calculators, each coupled to one of thecoefficient selectors and a polynomial term register and generating apolynomial term based on the coefficient received from the correspondingcoefficient selector and a polynomial term received from thecorresponding polynomial term register; and a selector selecting one ofthe plurality of generated polynomial terms to generate a bit in arandom bit stream.